Diablo III servers not hacked - Blizzard

The Diablo III servers have not been hacked, Blizzard said today in an update to the game's official forums at Battle.net. Addressing security concerns, among other things, Blizzard also said the number of players who have contacted the company about potential account compromises is "extremely small." Diablo III servers: not hacked, says Blizzard

The company said it is aware of suggestions that account compromises are occurring in ways outside of "traditional" methods, calling out "session spoofing" as an example. Blizzard has examined this possibility and found no reason to believe accounts are being hacked in this way and even said such an exploit is "technically impossible."

The Diablo III launch continues to be problematic for Blizzard, as the company said it is "working around the clock" to address issues as they arise.

This is the second time this week Blizzard has addressed Diablo III security issues. On Tuesday, the developer said reported security compromises were not on Battle.net's end, and encouraged players to use authenticator programs to step up their level of protection.

Elsewhere in the update, Blizzard revealed it has made several hotfixes to address gameplay issues in Diablo III since the game launched. A collection of these changes are available at the game's website. Additionally, the company said further server maintenance will be required, and a patch that will apply bug fixes and address client issues will roll out next week.

On top of this, Blizzard said it continues to investigate how best to go about reapplying achievements some Diablo III gamers lost at launch. The company said no firm details are available at present, but more information will be shared "in the weeks ahead."

Lastly, Blizzard addressed the already delayed release of the Diablo III real-money auction house. This service has now been delayed indefinitely out of May. The company said it needs "a bit more time to iron out the existing general stability and gameplay issues" ahead of the auction house's release.

I have a friend I work with who said he has an authenticator and people on his friends list got them after they got hacked and have had no problems. I'm gonna try it myself.

But on my list of players, I have only added 1 friend, but above that friends list, their is a player listed as on my social list as recent players and I don't know who that person is. His name showed up after I got hacked and then had Blizzard reset my password, and then I chose another password. When I logged back on, their was this name on the list. A sound would play whenever he got on so I sent Blizzard a message attached to that players name saying he was a threat and I think he was the one who hacked my account. He was on 3 straight days and only had a level 1 Barbarian. What does that tell u??? Since I sent the message in about him, he has not logged on since. Hope that is the end of it, but we shall see.

yeh right of course not. Seems very iffy to me, so many ppl being hacked, servers go down for long periods just after these hacks and blizzard 100% blames EVERY player thats been hacked. Yeh 90% of them prolly are ppl with keyloggers, old compromised accounts from wow days, but its very weird that ppl WITH authenticaros have been hacked as well and a majority of these posts on the ifficial forums are locked/deleted.

They all seem to have the same reply from blizzard too. "we find no evidence of unauthorised activity on this account" when the poor players character is stripped naked and has zero gold.Yeh the guys with authenticators are deliberatly going to drop all their gear and cash then make up being hacked?

The session ID dupe thing seems to be the way its being done, which pretty much means "they" can get into your last character from public games from someind of trade window bug (kicking u out in the process) this is why its only 1 character that gets stripped of gear.

Hmmm.... hacked account... vanishing items... hacker sells on RMAH... desperate player buys from RMAH... rinse and repeat... Blizzard still wins... Best damn strategy, better than pay to win cash shops... Good job Blizzard, you know what you're doing... I salute you... (conspiracy theory, made an account just for this... Really didn't mean to troll but this is a possibility).

Ive said it before and ill say it again: If they state, "its not hacked!" , its hacked!

How many companies say their security has not been breached but then later after a month or so, finally admit they have been breached e.g. "SONY"

The only company to openly admit they may have been hacked straight away was Valve (Steam) and that was when they where only suspecting something was wrong.

Anyways Its the same story here with Blizzard, I think they should of implemented the auction house because that's the main motive to all the hackers they want to get as many items and gold as possible so when the AH opens they can sell it for real money.

It seems like every other post in every d3 forum is people either claiming to be hacked or trolling. either way this game is a flop and needs serious work before I play it. I thought bf3 was rough around the edges when it was released but I expect shit from dice not blizzard.

friends account got hacked yesterday... they rolled him back. he lost a ton of his progress and stuff anyway. seems like if u get hacked ur almost better just not rolling back and taking the loss because the roll back system isnt very helpful. he's worked in IT type jobs his whole life, very aware of how mal/spyware, hacks, etc work... this isnt on the user end like fanboys are saying... i feel like battle.net is not secure... IMO... and while im enjoying the game with my friends, i dont think its THAT amazing... if i was to grind to inferno with a ton of amazing gear just to get hacked and rolled back to nightmare with all my high-end gear lost... not sure i would wanna keep playing...

I'm not afraid to say, Everyone was right, and I was wrong. The simple fact is, the online only really pisses me off right now... I was one of the people going, eh? It wont bother me. It doesn't if it's working.

In time I am sure they will get it right, and I do actually enjoy being able to jump in my friends game and say whats up and kill a few demons with buddies. However it's been so off and on that it's just a huge pain.

My account got hacked so they rolled my account back 5 levels and won't give me my items back. Then they say I'm using 1 of my 2 rollbacks and they can't guarantee that they can fix my account again if it gets hacked a third time. Blizzard support is a joke...it's like they want to punish the victims instead of improving their security. I really regret paying $60 for this game

For people still complaining about DRM, this game was not meant to be single player from the beginning. The features that offers the game are meant for a MMO game, people have to realize that. The only mistake from Blizzard that i see, is that it should have stated that the game is a MMO. Anther point to adress, is the hacked accounts, it is not blizzards fault, i mean seriously, people have no idea of some many ways that your acccount can be hacked, could be through a virus, a disguise file, through a hidden network or they have acces to you computer in so many other ways. Besides, think about it, is not easier to hack a personal computer, than trying to breach a security system like blizzard's? Why go to the hard choice when there is millions of people playing the game in their vulnerable computers.

Diablo is still Diablo. These are very minor problems for this amazing game. In a few weeks everything will be working well. The reason why this shouldn't bother anyone is because Diablo 3 is a game that is going to be played for a LONG time. I was still playing Diablo 2: Lord of Destruction religiously in 2008. Everyone should just give Blizzard a break.

I dunno, I got online a few days ago and ALL of my stuff was gone including my gold. Then on my friends list it said I played with a person I've never heard of in my life, and their account was a level 1 throw away character with no gear.

Wow who cares about the RMAH for the hundredth time. Who is ACTUALLY going to spend real money on gear so they can do I dunno what......repeatedly grind the same 4 acts over and over again? Get to work implementing some type of world pvp already. It's been two weeks and I cant be bothered to log in, where's the incentive?

I had a unique email account I used for nothing other than Blizzard and Steam when I set both up a couple years ago (wanted to register my Warcraft 3 keys from the old days).

Nobody else knew those emails, no newsletter... nothing.

Yet, around 3 months in after registering it on Battle.Net, I started, and have ever since, been receiving the occasional spam email claiming my World of Warcraft account has been breached, go to "this" bogus link to change your email... or this or that security breach.. and sometimes even the bogus "free mount" or whatever other crap Blizzard micro-transacts for the WoW crowd.

Last few I got were Diablo 3 based... join the beta, just go "here" to log into your account, and so on.

Believe me when I say my system is secured... there are holes in Blizzard's system that other's have gained access too.. not just account emails, but personal details like the "real" name you've listed in that account too (whether that's really REAL or not).

Blizzard have reached the point where they're like any major supermarket chain. Daily breaches in their security where people's credit/debit/eftpos cards are being accessed and stolen (it's a massive series of wireless holes with them)... but they'll never admit it happens because:

1) they have no legal obligation to inform the public, their customers, or even their shareholders there are holes.

2) it's bad PR... why should they willingly admit to something that WILL damage their client reputation when so much revenue is at stake?

Steam makes a pretty penny and if anyone remembers, I think it was earlier this year or before the new year? They put up a notice when you loaded your client that they "thought" account info may have been accessed, so change your password and monitor your bank statements.

That was just when they thought it was a possibility... they let us know. Then they admitted it really happened and they were keen to hear from anyone that may have been effected.... that's how you deal with a security threat, honestly and openly. Steam didn't lose anyone's respect by doing that.

@nord1c Accounts keep getting hacked because most people are idiots, not because blizzard security sucks. Lots of people give away there account information to shady emails and websites on a daily basis, and many players refuse to use authenticators.

You should really look into getting either the authenticator from Blizzard (it's $6.50 or so, but the Diablo 3 one looks awesome!!) or use the free Mobile authenticator which is free. I have a WoW authenticator. It's pretty cool cause I got a WoW pet for it. Not too bad of a price, I guess.....

@RapidFirE53211 Yea, my friend got hacked within a day of purchase. I had given him a ton of items to help him out but the rollback goes to before I gave him the stuff. So in other words he can't get it back. It's easy for people to defend Blizzard and say, "oh it's not that bad" when they haven't been hacked of have had a friend get hacked... People need to open their eyes and recognize the number of accounts being compromised and not simply listen to everything Blizzard says. What a joke. 1 day after purchase? Seriously?

The guy who hacked his account apparently has hacked 3 or 4 other accounts recently too but he's still not banned. Blizzard get your act together. If anyone wants to help report him, "Luisina2910#2253"

@VampireLord123 people have a right to complain about poorly implemented DRM.

Valve manage to get it right and it's not like Blizzard hasn't had enough experience with Battle.net and WoW itself.

And while it's true virii and other silly things people do can lead to their accounts getting hacked, it's alot easier to hack security mainframes nowadays than most people would think.

Anyone that works in, or knows someone that works in the IT side of the security industry (not vice versa, not the security side of IT) will have heard at least a smidgen of the stories of how horrifically easy it is for a determined yet only barely skilled person to hack and steal from high profile company databases (including major national banks around the world)... and how frequently it happens. Gone are the days when hardcore hack tools had to be engineered from scratch by the hacker themselves.

Hell, if you know how to follow your way from google through but 1 or 2 forums you can easily track down the latest build of a hack specific linux that the FBI use to not only track a variety of hack tools, but to proactively seek holes and infilitrate security systems... wardriving enabled too for any common 'built in modem' laptop/netbook.

Blizzard have a hole in Diablo 3 that they had no idea what or where it was when they released the above statements... until incidents of the current hacking end, everyone should assume Blizzard are still trying to figure out where the hole is.

@Elem3nt Lol, you must be new to the internet. There are millions of mindless people willing to throw money at companies like Zynga and Nexon. You really think RMAH with Blizzard will be any different? Nope. Tons of people will surely use it, unfortunately. Even with the -- dare I say it? -- 15% transaction fee. F-I-F-T-E-E-N %...

Ummm your complaint is baseless. These phishing emails you will get with ANY game, site, bank, credit card or any oither form of online entity where you have to use an ID and PW to log in. These are people trying to simply get stupid people to respond.

This is NOT Blizzards fault or any other developer. It is just the nature of phishing. THese are NOT breaches of security unless you are ignorant to fall for these phishing emails.

I call BS. How did they login from another ip without having to enter the authenticator #. You either didn't set it up right or you are not telling the whole story. Please explain how ones account can get hacked with an authenticator. I orignally played WOW without the authenticator and my account was hacked. Blizzard gracefully restored my account and I the added an authenticator. 2 years have gone by with active battlenet usage for WOW, Starcraft, and now Diablo 3. No attempts at hacking my account as there is no way thbrough the "locked door" that is the battlenet authenticator.

@cjburnfist Yeah... and with their always online requirement, the more I think it wasn't for protection but for revenue... I really had respect for Blizzard, but now they're just another company more focused on games for money, not games for gamers.... I know that gaming is an industry but still... There's a reason that Ferrari's an exotic whilst a toyota is meh. It's the quality vs quantity conundrum. The only developer I really hold high regards for now is CDProkektRed but sadly, everything gets corrupt nowadays because of $$$$$$.... Bioware is going down the drain also with their DA2, SWTOR, ME3 shananigans.... And that is why I think those kickstarters may be the saving grace of gaming...

@rhollingsworth NORMALLY, i'd agree. But blizzard DID have some sort of massive email list leak. Thousands of people started getting FLOODED with those spam gold/phishing emails at the same time, for no apparent reason. Blizz F'd up, and this was a long time ago. I STILL get those emails constantly, and on a much higher scale then I did before that day.

It's Blizzard's responsibility to not let stuff like that leak. I did point out that I hadn't been using that email anywhere else, so it's not like my email had made some dodgy porn/casino/warez mailing list... yet those phishing emails were addressing me by the listed name or the account name I gave Blizzard. Things I don't share around, and often make unique for every major account setup I intend using.

Phishing doesn't just happen.

And Blizzard is no longer merely a developer. They institute their own form of DRM which controls your access, they market and sell directly through their company as well. They are a fully fledged distributor and they ARE responsible.

The very nature of enforcing and maintaining their DRM also raises the level of responsibility in this scenario... DRM is meant to be a form of security right? That's what they keep telling us. That means they are directly responsible for the secure nature of EVERYTHING that involves their games/products/content, and ALL access between the consumers of their games/products/content and their actual 'stuff'.

BUT EVEN IF they were still just a developer, or this were going through the distributor's staff/department... you handle sensitive information, you are thus responsible for it.

Blizzard have leaks, it's no secret.

And to round off my reply, I wasn't complaining, I was stating a fact. A complaint involves an expectation that a wrong will be rectified... I have every confidence Blizzard will fail to defend themselves from the gold farming, account hacking filth that so populate their user base these days.

@rhollingsworth was in my trolling mood back then... But I know when I've crossed the line dear sir... I apologize... But still It's kinda funny when my email for gaming has the gaming specific phishing ones and the work one has none..... explain that dear sir... (not in the mood to troll) serious question....

First of all, i have more networking experience than you will ever have. Are your two emails linked to your gaming accounts? Probably not as I suspect your email addresses that are used for gaming are the ones that get phished. If you dont know anything about how phishers work, please do not try to come here and pretend you know more than you think.

I work with network security for a very large company. Phishing is as simple as it gets, there is really not a lot any company can do to prevent phishing. All it takes is a spoof of a website, and a email domain to send mass emails to.

I think the only child here is you, son. If you are stupid enough to fall for a phishing email, then that is your naivety and ignorance. Apparently you have no concept of the vast amount of phishing done across all levels of gaming, credit companies, banks, online payment sites and Ebay type auction sites. None of these are free from phishing attacks.

Those emails will keep coming, there is NOTHING blizzard can do to stop phishing.

Before you come on here trying to tell me that I do not know what i am talking about, why dont you take some classes in network security.

My company alone deals with numerous DOS attacks weekly, there is never an end to people trying to hack, phish, attack or otherwise compromise a consumer network.

Sounds like you people just have a beef against Blizzard. If that is the case, simply dont buy their games and you wont have a reason to bitch and moan as you are prone to do.

Sure Blizz had issues at launch, with authentication and other login issues. But to also blast them for phishing is just plain ignorant as phishing is as common as spam email.

@rhollingsworth well, I own the domain names that are on my email accounts as well so this isn't a mass public domain freebie account situation.

They may not show the right info in the headers regarding their origin actually being from Blizzard, but the whole point of these kind of scams is to catch out the people that haven't got a clue what an email header is, let alone how to use read/understand one.

And again, I did mention these emails have included Blizzard account and "personal detail" names that they could have only accessed if they got into the Battle.net database.

There's absolutely nothing random about the emails I get.

Blizzard are just too big a target since WoW took off for 90% of attacks to be random or casual. Blizzard are constantly being hacked and attacked.... how many are actually successful? WAY more than they'll ever admit to.. and sadly their support department dedicated to hacks and phishing are either undermanned or simply aren't interested in tracking down any of the hacks that aren't system critical... meaning unless your account is hacked AND they are outright liable if they don't act, the best you'll get is a common techsupport response of "thanks, we might look into it but here's a condescending list of things your typical simple minded MAC user needs to be told not to do while surfing for porn and cheats to protect themselves"

@eriktkire Phishers do not use account names, they spam email domains, doesnt matter what your name is, they target the entire @yahoo.com, @hotmail.com domain and your account is there so you get the email.

Not one company or entity has been able to get around this fact, that is why these phishing emails are as common as spam emails anymore.

To blame blizzard for this fact is just flat out incorrect. I dont care if your account name was so obscure no one could guess it. A Spam of a domain covers ALL combinations, those that are bounced are simply purged as they come back. A simply algorithm, the hardest part is spoofing the site with a web domain that actually looks legit.